From: Morris, A. <am...@ca...> - 2012-01-30 14:24:35
Firstly, apologies for constantly e-mailing this list. It feels like every time one problem gets resolved two more raise their heads, and I'm grateful for all the help I've received thus far.

I'm still having violations being retriggered. Francois suggested removing the isolation vlan from the trapping.range of pf.conf but this hasn't made any difference. I forced my test laptop to cause several violations to test the SoH and they were all triggered perfectly; however, after re-enabling the network I remediated all of the violations, yet they still trigger each time the grace period expires. My current trapping range only contains my registration vlan, but it will contain production vlans after reading Francois' latest e-mail to me.

The other problem I'm seeing is that each time my test laptop is rebooted it gets bounced back to the registration vlan, even though it is registered with PacketFence. It is not actually asking me to register again, just reporting that it is unable to detect network activity. Unplugging the network cable and plugging it back in again results in it being given the normal vlan IP address. I still don't have any internet access on my dev network, so I'm not sure whether that affects this. I understand that a 1px file is retrieved from the PacketFence website to detect network access, so if this happens each time an endpoint is connected then this would explain why I'm seeing this issue, but not necessarily why reconnecting the network cable would resolve it.
Below is a section from the packetfence.log during the time I was replicating both of these errors on the test laptop:

Jan 30 13:42:19 pf::WebAPI(7247) INFO: Evaluating SoH from client Laptop (MAC: 00-24-54-42-86-04; Port: 50002; User: host/Laptop; OS: Microsoft Windows 7 (or Server 2008 R2), sp 1; id: 0xd4ee70d8587d41fb953f54a30e2e14a501ccdf557a78586a) (pf::soh::authorize)
Jan 30 13:42:20 pf::WebAPI(7247) INFO: calling '/usr/local/pf/bin/pfcmd violation add vid=4000001,mac=00:24:54:42:86:04' (trigger soh::2) (pf::violation::violation_trigger)
Jan 30 13:42:20 pfcmd(7275) INFO: pfcmd calling violation_add for 00:24:54:42:86:04 (main::command_param)
Jan 30 13:42:20 pfcmd(7275) INFO: grace expired on violation 4000001 for node 00:24:54:42:86:04 (pf::violation::violation_add)
Jan 30 13:42:20 pfcmd(7275) INFO: violation 4000001 added for 00:24:54:42:86:04 (pf::violation::violation_add)
Jan 30 13:42:20 pfcmd(7275) INFO: executing action 'email' on class 4000001 (pf::action::action_execute)
Jan 30 13:42:23 pfcmd(7275) INFO: email regarding 'PF Alert: SoH No antivirus enabled detection on 00:24:54:42:86:04' sent to am...@uw... (pf::util::pfmailer)
Jan 30 13:42:23 pfcmd(7275) INFO: executing action 'log' on class 4000001 (pf::action::action_execute)
Jan 30 13:42:23 pfcmd(7275) WARN: unable to resolve 00:24:54:42:86:04 to ip (pf::iplog::mac2ip)
Jan 30 13:42:23 pfcmd(7275) INFO: /usr/local/pf/logs/violation.log 2012-01-30 13:42:23: SoH No antivirus enabled (4000001) detected on node 00:24:54:42:86:04 (0) (pf::action::action_log)
Jan 30 13:42:23 pfcmd(7275) INFO: executing action 'trap' on class 4000001 (pf::action::action_execute)
Jan 30 13:42:23 pfcmd(7275) INFO: re-evaluating access for node 00:24:54:42:86:04 (violation_add called) (pf::enforcement::reevaluate_access)
Jan 30 13:42:23 pfcmd(7275) INFO: 00:24:54:42:86:04 is currentlog connected at 10.1.1.21 ifIndex 02 in VLAN 721 (pf::enforcement::_should_we_reassign_vlan)
Jan 30 13:42:23 pfcmd(7275) INFO: highest priority violation for 00:24:54:42:86:04 is 4000001. Target VLAN for violation: isolationVlan (705) (pf::vlan::getViolationVlan)
Jan 30 13:42:23 pfcmd(7275) INFO: VLAN reassignment required for 00:24:54:42:86:04 (current VLAN = 721 but should be in VLAN 705) (pf::enforcement::_should_we_reassign_vlan)
Jan 30 13:42:23 pfcmd(7275) INFO: switch port for 00:24:54:42:86:04 is 10.1.1.21 ifIndex 02 connection type: Wired 802.1x (pf::enforcement::_vlan_reevaluation)
Jan 30 13:42:24 pf::WebAPI(7247) INFO: MAC 00:24:54:42:86:04 matched filter NoAntivirus (pf::soh::evaluate)
Jan 30 13:42:24 pf::WebAPI(7247) INFO: calling '/usr/local/pf/bin/pfcmd violation add vid=4000003,mac=00:24:54:42:86:04' (trigger soh::4) (pf::violation::violation_trigger)
Jan 30 13:42:24 pfcmd(7280) INFO: pfcmd calling violation_add for 00:24:54:42:86:04 (main::command_param)
Jan 30 13:42:25 pfcmd(7280) INFO: grace expired on violation 4000003 for node 00:24:54:42:86:04 (pf::violation::violation_add)
Jan 30 13:42:25 pfcmd(7280) INFO: violation 4000003 added for 00:24:54:42:86:04 (pf::violation::violation_add)
Jan 30 13:42:25 pfcmd(7280) INFO: executing action 'email' on class 4000003 (pf::action::action_execute)
Jan 30 13:42:27 pfsetvlan(21) INFO: local (127.0.0.1) trap for switch 10.1.1.21 (main::parseTrap)
Jan 30 13:42:27 pfsetvlan(1) INFO: nb of items in queue: 1; nb of threads running: 0 (main::startTrapHandlers)
Jan 30 13:42:27 pfsetvlan(1) INFO: reAssignVlan trap received on 10.1.1.21 ifIndex 2 (main::handleTrap)
Jan 30 13:42:27 pfsetvlan(1) INFO: Forcing 802.1x re-authentication on 10.1.1.21:2. A new VLAN will be assigned. (main::handleTrap)
Jan 30 13:42:28 pfcmd(7280) INFO: email regarding 'PF Alert: SoH Windows Updates detection on 00:24:54:42:86:04' sent to am...@uw... (pf::util::pfmailer)
Jan 30 13:42:28 pfcmd(7280) INFO: executing action 'log' on class 4000003 (pf::action::action_execute)
Jan 30 13:42:28 pfcmd(7280) WARN: unable to resolve 00:24:54:42:86:04 to ip (pf::iplog::mac2ip)
Jan 30 13:42:28 pfcmd(7280) INFO: /usr/local/pf/logs/violation.log 2012-01-30 13:42:28: SoH Windows Updates (4000003) detected on node 00:24:54:42:86:04 (0) (pf::action::action_log)
Jan 30 13:42:28 pfcmd(7280) INFO: executing action 'trap' on class 4000003 (pf::action::action_execute)
Jan 30 13:42:28 pfcmd(7280) INFO: re-evaluating access for node 00:24:54:42:86:04 (violation_add called) (pf::enforcement::reevaluate_access)
Jan 30 13:42:28 pfcmd(7280) INFO: 00:24:54:42:86:04 is currentlog connected at 10.1.1.21 ifIndex 02 in VLAN 721 (pf::enforcement::_should_we_reassign_vlan)
Jan 30 13:42:28 pfcmd(7280) INFO: highest priority violation for 00:24:54:42:86:04 is 4000001. Target VLAN for violation: isolationVlan (705) (pf::vlan::getViolationVlan)
Jan 30 13:42:28 pfcmd(7280) INFO: VLAN reassignment required for 00:24:54:42:86:04 (current VLAN = 721 but should be in VLAN 705) (pf::enforcement::_should_we_reassign_vlan)
Jan 30 13:42:28 pfcmd(7280) INFO: switch port for 00:24:54:42:86:04 is 10.1.1.21 ifIndex 02 connection type: Wired 802.1x (pf::enforcement::_vlan_reevaluation)
Jan 30 13:42:28 pfcmd_vlan(7284) INFO: wired deauthentication of a 802.1x MAC (main::)
Jan 30 13:42:28 pf::WebAPI(7247) INFO: MAC 00:24:54:42:86:04 matched filter WUpdates (pf::soh::evaluate)
Jan 30 13:42:28 pf::WebAPI(7247) INFO: calling '/usr/local/pf/bin/pfcmd violation add vid=4000005,mac=00:24:54:42:86:04' (trigger soh::6) (pf::violation::violation_trigger)
Jan 30 13:42:28 pfsetvlan(1) INFO: finished (main::cleanupAfterThread)
Jan 30 13:42:29 pfcmd(7287) INFO: pfcmd calling violation_add for 00:24:54:42:86:04 (main::command_param)
Jan 30 13:42:29 pfcmd(7287) INFO: grace expired on violation 4000005 for node 00:24:54:42:86:04 (pf::violation::violation_add)
Jan 30 13:42:29 pfcmd(7287) INFO: violation 4000005 added for 00:24:54:42:86:04 (pf::violation::violation_add)
Jan 30 13:42:29 pfcmd(7287) INFO: executing action 'email' on class 4000005 (pf::action::action_execute)
Jan 30 13:42:31 pfsetvlan(22) INFO: local (127.0.0.1) trap for switch 10.1.1.21 (main::parseTrap)
Jan 30 13:42:31 pfsetvlan(3) INFO: nb of items in queue: 1; nb of threads running: 0 (main::startTrapHandlers)
Jan 30 13:42:31 pfsetvlan(3) INFO: reAssignVlan trap received on 10.1.1.21 ifIndex 2 (main::handleTrap)
Jan 30 13:42:31 pfsetvlan(3) INFO: Forcing 802.1x re-authentication on 10.1.1.21:2. A new VLAN will be assigned. (main::handleTrap)
Jan 30 13:42:32 pfcmd_vlan(7291) INFO: wired deauthentication of a 802.1x MAC (main::)
Jan 30 13:42:32 pfsetvlan(3) INFO: finished (main::cleanupAfterThread)
Jan 30 13:42:33 pfcmd(7287) INFO: email regarding 'PF Alert: SoH No Spyware detection on 00:24:54:42:86:04' sent to am...@uw... (pf::util::pfmailer)
Jan 30 13:42:33 pfcmd(7287) INFO: executing action 'log' on class 4000005 (pf::action::action_execute)
Jan 30 13:42:33 pfcmd(7287) WARN: unable to resolve 00:24:54:42:86:04 to ip (pf::iplog::mac2ip)
Jan 30 13:42:33 pfcmd(7287) INFO: /usr/local/pf/logs/violation.log 2012-01-30 13:42:33: SoH No Spyware (4000005) detected on node 00:24:54:42:86:04 (0) (pf::action::action_log)
Jan 30 13:42:33 pfcmd(7287) INFO: executing action 'trap' on class 4000005 (pf::action::action_execute)
Jan 30 13:42:33 pfcmd(7287) INFO: re-evaluating access for node 00:24:54:42:86:04 (violation_add called) (pf::enforcement::reevaluate_access)
Jan 30 13:42:33 pfcmd(7287) INFO: 00:24:54:42:86:04 is currentlog connected at 10.1.1.21 ifIndex 02 in VLAN 721 (pf::enforcement::_should_we_reassign_vlan)
Jan 30 13:42:33 pfcmd(7287) INFO: highest priority violation for 00:24:54:42:86:04 is 4000001. Target VLAN for violation: isolationVlan (705) (pf::vlan::getViolationVlan)
Jan 30 13:42:33 pfcmd(7287) INFO: VLAN reassignment required for 00:24:54:42:86:04 (current VLAN = 721 but should be in VLAN 705) (pf::enforcement::_should_we_reassign_vlan)
Jan 30 13:42:33 pfcmd(7287) INFO: switch port for 00:24:54:42:86:04 is 10.1.1.21 ifIndex 02 connection type: Wired 802.1x (pf::enforcement::_vlan_reevaluation)
Jan 30 13:42:33 pf::WebAPI(7247) INFO: MAC 00:24:54:42:86:04 matched filter NoSpyware (pf::soh::evaluate)
Jan 30 13:42:33 pf::WebAPI(7247) INFO: calling '/usr/local/pf/bin/pfcmd violation add vid=4000006,mac=00:24:54:42:86:04' (trigger soh::7) (pf::violation::violation_trigger)
Jan 30 13:42:34 pfcmd(7294) INFO: pfcmd calling violation_add for 00:24:54:42:86:04 (main::command_param)
Jan 30 13:42:34 pfcmd(7294) INFO: grace expired on violation 4000006 for node 00:24:54:42:86:04 (pf::violation::violation_add)
Jan 30 13:42:34 pfcmd(7294) INFO: violation 4000006 added for 00:24:54:42:86:04 (pf::violation::violation_add)
Jan 30 13:42:34 pfcmd(7294) INFO: executing action 'email' on class 4000006 (pf::action::action_execute)
Jan 30 13:42:37 pfsetvlan(23) INFO: local (127.0.0.1) trap for switch 10.1.1.21 (main::parseTrap)
Jan 30 13:42:37 pfsetvlan(5) INFO: nb of items in queue: 1; nb of threads running: 0 (main::startTrapHandlers)
Jan 30 13:42:37 pfsetvlan(5) INFO: reAssignVlan trap received on 10.1.1.21 ifIndex 2 (main::handleTrap)
Jan 30 13:42:37 pfsetvlan(5) INFO: Forcing 802.1x re-authentication on 10.1.1.21:2. A new VLAN will be assigned. (main::handleTrap)
Jan 30 13:42:37 pfcmd(7294) INFO: email regarding 'PF Alert: SoH Spyware out of date detection on 00:24:54:42:86:04' sent to am...@uw... (pf::util::pfmailer)
Jan 30 13:42:37 pfcmd(7294) INFO: executing action 'log' on class 4000006 (pf::action::action_execute)
Jan 30 13:42:37 pfcmd(7294) WARN: unable to resolve 00:24:54:42:86:04 to ip (pf::iplog::mac2ip)
Jan 30 13:42:37 pfcmd(7294) INFO: /usr/local/pf/logs/violation.log 2012-01-30 13:42:37: SoH Spyware out of date (4000006) detected on node 00:24:54:42:86:04 (0) (pf::action::action_log)
Jan 30 13:42:37 pfcmd(7294) INFO: executing action 'trap' on class 4000006 (pf::action::action_execute)
Jan 30 13:42:37 pfcmd(7294) INFO: re-evaluating access for node 00:24:54:42:86:04 (violation_add called) (pf::enforcement::reevaluate_access)
Jan 30 13:42:37 pfcmd(7294) INFO: 00:24:54:42:86:04 is currentlog connected at 10.1.1.21 ifIndex 02 in VLAN 721 (pf::enforcement::_should_we_reassign_vlan)
Jan 30 13:42:38 pfcmd(7294) INFO: highest priority violation for 00:24:54:42:86:04 is 4000001. Target VLAN for violation: isolationVlan (705) (pf::vlan::getViolationVlan)
Jan 30 13:42:38 pfcmd(7294) INFO: VLAN reassignment required for 00:24:54:42:86:04 (current VLAN = 721 but should be in VLAN 705) (pf::enforcement::_should_we_reassign_vlan)
Jan 30 13:42:38 pfcmd(7294) INFO: switch port for 00:24:54:42:86:04 is 10.1.1.21 ifIndex 02 connection type: Wired 802.1x (pf::enforcement::_vlan_reevaluation)
Jan 30 13:42:38 pf::WebAPI(7247) INFO: MAC 00:24:54:42:86:04 matched filter Spyoutofdate (pf::soh::evaluate)
Jan 30 13:42:38 pfcmd_vlan(7299) INFO: wired deauthentication of a 802.1x MAC (main::)
Jan 30 13:42:38 pfsetvlan(5) INFO: finished (main::cleanupAfterThread)
Jan 30 13:42:41 pfsetvlan(24) INFO: local (127.0.0.1) trap for switch 10.1.1.21 (main::parseTrap)
Jan 30 13:42:41 pfsetvlan(7) INFO: nb of items in queue: 1; nb of threads running: 0 (main::startTrapHandlers)
Jan 30 13:42:41 pfsetvlan(7) INFO: reAssignVlan trap received on 10.1.1.21 ifIndex 2 (main::handleTrap)
Jan 30 13:42:41 pfsetvlan(7) INFO: Forcing 802.1x re-authentication on 10.1.1.21:2. A new VLAN will be assigned. (main::handleTrap)
Jan 30 13:42:42 pfcmd_vlan(7301) INFO: wired deauthentication of a 802.1x MAC (main::)
Jan 30 13:42:42 pfsetvlan(7) INFO: finished (main::cleanupAfterThread)
Jan 30 13:43:19 pfdhcplistener(6975) INFO: DHCPREQUEST from 00:24:54:42:86:04 (10.2.1.20) (main::parse_dhcp_request)
Jan 30 13:43:19 pfdhcplistener(6975) INFO: could not resolve 10.2.1.20 to mac in ARP table (pf::iplog::ip2macinarp)
Jan 30 13:43:21 pfdhcplistener(6975) INFO: could not resolve 10.2.1.20 to mac in ARP table (pf::iplog::ip2macinarp)
Jan 30 13:43:21 pfdhcplistener(6975) WARN: could not resolve 10.2.1.20 to mac (pf::iplog::ip2mac)
Jan 30 13:43:21 pfdhcplistener(6975) WARN: unable to resolve 00:24:54:42:86:04 to ip (pf::iplog::mac2ip)
Jan 30 13:43:21 pfdhcplistener(6975) INFO: 00:24:54:42:86:04 requested an IP. DHCP Fingerprint: OS::107 (Microsoft Windows Vista/7 or Server 2008). Modified node with last_dhcp = 2012-01-30 13:43:21,computername = Laptop,dhcp_fingerprint = 1,15,3,6,44,46,47,31,33,121,249,43 (main::listen_dhcp)
Jan 30 13:43:21 pfdhcplistener(6975) INFO: DHCPOFFER from 10.1.4.10 (00:13:21:f1:cb:b9) to host 00:24:54:42:86:04 (10.1.4.20) (main::parse_dhcp_offer)
Jan 30 13:43:21 pfdhcplistener(6975) INFO: DHCPREQUEST from 00:24:54:42:86:04 (10.1.4.20) (main::parse_dhcp_request)
Jan 30 13:43:21 pfdhcplistener(6975) INFO: resolved 10.1.4.20 to mac (00:24:54:42:86:04) in ARP table (pf::iplog::ip2macinarp)
Jan 30 13:43:21 pfdhcplistener(6975) INFO: oldip (10.2.1.20) and newip (10.1.4.20) are different for 00:24:54:42:86:04 - closing iplog entry (main::update_iplog)
Jan 30 13:43:21 pfdhcplistener(6975) INFO: 00:24:54:42:86:04 requested an IP. DHCP Fingerprint: OS::107 (Microsoft Windows Vista/7 or Server 2008). Modified node with last_dhcp = 2012-01-30 13:43:21,computername = Laptop,dhcp_fingerprint = 1,15,3,6,44,46,47,31,33,121,249,43 (main::listen_dhcp)
Jan 30 13:43:21 pfdhcplistener(6975) INFO: DHCPACK from 10.1.4.10 (00:13:21:f1:cb:b9) to host 00:24:54:42:86:04 (10.1.4.20) for 20 seconds (main::parse_dhcp_ack)
Jan 30 13:43:30 pfdhcplistener(6975) INFO: 00:24:54:42:86:04 requested an IP. DHCP Fingerprint: OS::107 (Microsoft Windows Vista/7 or Server 2008). Modified node with last_dhcp = 2012-01-30 13:43:30,computername = Laptop,dhcp_fingerprint = 1,15,3,6,44,46,47,31,33,121,249,43 (main::listen_dhcp)
Jan 30 13:43:30 pfdhcplistener(6975) INFO: DHCPACK from 10.1.4.10 (00:13:21:f1:cb:b9) to host 00:24:54:42:86:04 (10.1.4.20) for 20 seconds (main::parse_dhcp_ack)
Jan 30 13:43:31 pfdhcplistener(6975) INFO: DHCPACK CIADDR from 10.1.4.10 (00:13:21:f1:cb:b9) to host 00:24:54:42:86:04 (10.1.4.20) (main::parse_dhcp_ack)
Jan 30 13:43:40 pfdhcplistener(6975) INFO: 00:24:54:42:86:04 requested an IP. DHCP Fingerprint: OS::107 (Microsoft Windows Vista/7 or Server 2008). Modified node with last_dhcp = 2012-01-30 13:43:40,computername = Laptop,dhcp_fingerprint = 1,15,3,6,44,46,47,31,33,121,249,43 (main::listen_dhcp)
Jan 30 13:43:40 pfdhcplistener(6975) INFO: DHCPACK from 10.1.4.10 (00:13:21:f1:cb:b9) to host 00:24:54:42:86:04 (10.1.4.20) for 20 seconds (main::parse_dhcp_ack)
Jan 30 13:43:50 pfdhcplistener(6975) INFO: 00:24:54:42:86:04 requested an IP. DHCP Fingerprint: OS::107 (Microsoft Windows Vista/7 or Server 2008). Modified node with last_dhcp = 2012-01-30 13:43:50,computername = Laptop,dhcp_fingerprint = 1,15,3,6,44,46,47,31,33,121,249,43 (main::listen_dhcp)
Jan 30 13:43:50 pfdhcplistener(6975) INFO: DHCPACK from 10.1.4.10 (00:13:21:f1:cb:b9) to host 00:24:54:42:86:04 (10.1.4.20) for 20 seconds (main::parse_dhcp_ack)
Jan 30 13:44:00 pfdhcplistener(6975) INFO: 00:24:54:42:86:04 requested an IP. DHCP Fingerprint: OS::107 (Microsoft Windows Vista/7 or Server 2008). Modified node with last_dhcp = 2012-01-30 13:44:00,computername = Laptop,dhcp_fingerprint = 1,15,3,6,44,46,47,31,33,121,249,43 (main::listen_dhcp)
Jan 30 13:44:00 pfdhcplistener(6975) INFO: DHCPACK from 10.1.4.10 (00:13:21:f1:cb:b9) to host 00:24:54:42:86:04 (10.1.4.20) for 20 seconds (main::parse_dhcp_ack)
Jan 30 13:44:10 pfdhcplistener(6975) INFO: 00:24:54:42:86:04 requested an IP. DHCP Fingerprint: OS::107 (Microsoft Windows Vista/7 or Server 2008). Modified node with last_dhcp = 2012-01-30 13:44:10,computername = Laptop,dhcp_fingerprint = 1,15,3,6,44,46,47,31,33,121,249,43 (main::listen_dhcp)
Jan 30 13:44:10 pfdhcplistener(6975) INFO: DHCPACK from 10.1.4.10 (00:13:21:f1:cb:b9) to host 00:24:54:42:86:04 (10.1.4.20) for 20 seconds (main::parse_dhcp_ack)
Jan 30 13:44:21 pfdhcplistener(6975) INFO: 00:24:54:42:86:04 requested an IP. DHCP Fingerprint: OS::107 (Microsoft Windows Vista/7 or Server 2008). Modified node with last_dhcp = 2012-01-30 13:44:20,computername = Laptop,dhcp_fingerprint = 1,15,3,6,44,46,47,31,33,121,249,43 (main::listen_dhcp)
Jan 30 13:44:21 pfdhcplistener(6975) INFO: DHCPACK from 10.1.4.10 (00:13:21:f1:cb:b9) to host 00:24:54:42:86:04 (10.1.4.20) for 20 seconds (main::parse_dhcp_ack)
Jan 30 13:44:30 pfdhcplistener(6975) INFO: 00:24:54:42:86:04 requested an IP. DHCP Fingerprint: OS::107 (Microsoft Windows Vista/7 or Server 2008). Modified node with last_dhcp = 2012-01-30 13:44:30,computername = Laptop,dhcp_fingerprint = 1,15,3,6,44,46,47,31,33,121,249,43 (main::listen_dhcp)
Jan 30 13:44:30 pfdhcplistener(6975) INFO: DHCPACK from 10.1.4.10 (00:13:21:f1:cb:b9) to host 00:24:54:42:86:04 (10.1.4.20) for 20 seconds (main::parse_dhcp_ack)
Jan 30 13:44:40 pfdhcplistener(6975) INFO: 00:24:54:42:86:04 requested an IP. DHCP Fingerprint: OS::107 (Microsoft Windows Vista/7 or Server 2008). Modified node with last_dhcp = 2012-01-30 13:44:40,computername = Laptop,dhcp_fingerprint = 1,15,3,6,44,46,47,31,33,121,249,43 (main::listen_dhcp)
Jan 30 13:44:40 pfdhcplistener(6975) INFO: DHCPACK from 10.1.4.10 (00:13:21:f1:cb:b9) to host 00:24:54:42:86:04 (10.1.4.20) for 20 seconds (main::parse_dhcp_ack)
Jan 30 13:44:48 redir.cgi(0) INFO: 00:24:54:42:86:04 being redirected (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Jan 30 13:44:48 redir.cgi(0) INFO: Updating node 00:24:54:42:86:04 user_agent with useragent: 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.75 Safari/535.7' (pf::web::web_node_record_user_agent)
Jan 30 13:44:48 redir.cgi(0) INFO: Static User-Agent lookup data initialized (pf::useragent::_init)
Jan 30 13:44:48 redir.cgi(0) INFO: captive portal redirect on violation vid: 4000001, redirect url: /remediation.php?template=noantivirus (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Jan 30 13:44:49 redir.cgi(0) INFO: 00:24:54:42:86:04 being redirected (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Jan 30 13:44:49 redir.cgi(0) INFO: captive portal redirect on violation vid: 4000001, redirect url: /remediation.php?template=noantivirus (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Jan 30 13:44:50 pfdhcplistener(6975) INFO: 00:24:54:42:86:04 requested an IP. DHCP Fingerprint: OS::107 (Microsoft Windows Vista/7 or Server 2008). Modified node with last_dhcp = 2012-01-30 13:44:50,computername = Laptop,dhcp_fingerprint = 1,15,3,6,44,46,47,31,33,121,249,43 (main::listen_dhcp)
Jan 30 13:44:50 pfdhcplistener(6975) INFO: DHCPACK from 10.1.4.10 (00:13:21:f1:cb:b9) to host 00:24:54:42:86:04 (10.1.4.20) for 20 seconds (main::parse_dhcp_ack)
Jan 30 13:45:00 pfdhcplistener(6975) INFO: 00:24:54:42:86:04 requested an IP. DHCP Fingerprint: OS::107 (Microsoft Windows Vista/7 or Server 2008). Modified node with last_dhcp = 2012-01-30 13:45:00,computername = Laptop,dhcp_fingerprint = 1,15,3,6,44,46,47,31,33,121,249,43 (main::listen_dhcp)
Jan 30 13:45:00 pfdhcplistener(6975) INFO: DHCPACK from 10.1.4.10 (00:13:21:f1:cb:b9) to host 00:24:54:42:86:04 (10.1.4.20) for 20 seconds (main::parse_dhcp_ack)
Jan 30 13:45:05 release.pm(0) INFO: calling /usr/local/pf/bin/pfcmd manage vclose 00:24:54:42:86:04 4000001 (pf::web::release::handler)
Jan 30 13:45:05 pfcmd(7509) INFO: violation 4000001 closed for 00:24:54:42:86:04 (pf::violation::violation_close)
Jan 30 13:45:05 pfcmd(7509) INFO: re-evaluating access for node 00:24:54:42:86:04 (manage_vclose called) (pf::enforcement::reevaluate_access)
Jan 30 13:45:05 pfcmd(7509) INFO: 00:24:54:42:86:04 is currentlog connected at 10.1.1.21 ifIndex 02 in VLAN 721 (pf::enforcement::_should_we_reassign_vlan)
Jan 30 13:45:06 pfcmd(7509) INFO: highest priority violation for 00:24:54:42:86:04 is 4000003. Target VLAN for violation: isolationVlan (705) (pf::vlan::getViolationVlan)
Jan 30 13:45:06 pfcmd(7509) INFO: VLAN reassignment required for 00:24:54:42:86:04 (current VLAN = 721 but should be in VLAN 705) (pf::enforcement::_should_we_reassign_vlan)
Jan 30 13:45:06 pfcmd(7509) INFO: switch port for 00:24:54:42:86:04 is 10.1.1.21 ifIndex 02 connection type: Wired 802.1x (pf::enforcement::_vlan_reevaluation)
Jan 30 13:45:06 release.pm(0) INFO: pfcmd manage vclose 00:24:54:42:86:04 4000001 returned 7200 (pf::web::release::handler)
Jan 30 13:45:06 release.pm(0) INFO: 00:24:54:42:86:04 enabled for 7200 minutes (pf::web::release::handler)
Jan 30 13:45:06 redir.cgi(0) INFO: 00:24:54:42:86:04 being redirected (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Jan 30 13:45:06 redir.cgi(0) INFO: captive portal redirect on violation vid: 4000003, redirect url: /remediation.php?template=wupdate (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Jan 30 13:45:06 redir.cgi(0) INFO: 00:24:54:42:86:04 being redirected (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Jan 30 13:45:06 redir.cgi(0) INFO: captive portal redirect on violation vid: 4000003, redirect url: /remediation.php?template=wupdate (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Jan 30 13:45:09 pfsetvlan(25) INFO: local (127.0.0.1) trap for switch 10.1.1.21 (main::parseTrap)
Jan 30 13:45:09 pfsetvlan(9) INFO: nb of items in queue: 1; nb of threads running: 0 (main::startTrapHandlers)
Jan 30 13:45:09 pfsetvlan(9) INFO: reAssignVlan trap received on 10.1.1.21 ifIndex 2 (main::handleTrap)
Jan 30 13:45:09 pfsetvlan(9) INFO: Forcing 802.1x re-authentication on 10.1.1.21:2. A new VLAN will be assigned. (main::handleTrap)
Jan 30 13:45:09 release.pm(0) INFO: calling /usr/local/pf/bin/pfcmd manage vclose 00:24:54:42:86:04 4000003 (pf::web::release::handler)
Jan 30 13:45:10 pfcmd(7527) INFO: violation 4000003 closed for 00:24:54:42:86:04 (pf::violation::violation_close)
Jan 30 13:45:10 pfcmd(7527) INFO: re-evaluating access for node 00:24:54:42:86:04 (manage_vclose called) (pf::enforcement::reevaluate_access)
Jan 30 13:45:10 pfcmd(7527) INFO: 00:24:54:42:86:04 is currentlog connected at 10.1.1.21 ifIndex 02 in VLAN 721 (pf::enforcement::_should_we_reassign_vlan)
Jan 30 13:45:10 pfcmd_vlan(7526) INFO: wired deauthentication of a 802.1x MAC (main::)
Jan 30 13:45:10 pfdhcplistener(6975) INFO: 00:24:54:42:86:04 requested an IP. DHCP Fingerprint: OS::107 (Microsoft Windows Vista/7 or Server 2008). Modified node with last_dhcp = 2012-01-30 13:45:10,computername = Laptop,dhcp_fingerprint = 1,15,3,6,44,46,47,31,33,121,249,43 (main::listen_dhcp)
Jan 30 13:45:10 pfcmd(7527) INFO: highest priority violation for 00:24:54:42:86:04 is 4000005. Target VLAN for violation: isolationVlan (705) (pf::vlan::getViolationVlan)
Jan 30 13:45:10 pfcmd(7527) INFO: VLAN reassignment required for 00:24:54:42:86:04 (current VLAN = 721 but should be in VLAN 705) (pf::enforcement::_should_we_reassign_vlan)
Jan 30 13:45:10 pfcmd(7527) INFO: switch port for 00:24:54:42:86:04 is 10.1.1.21 ifIndex 02 connection type: Wired 802.1x (pf::enforcement::_vlan_reevaluation)
Jan 30 13:45:11 pfdhcplistener(6975) INFO: DHCPACK from 10.1.4.10 (00:13:21:f1:cb:b9) to host 00:24:54:42:86:04 (10.1.4.20) for 20 seconds (main::parse_dhcp_ack)
Jan 30 13:45:11 pfsetvlan(9) INFO: finished (main::cleanupAfterThread)
Jan 30 13:45:11 release.pm(0) INFO: pfcmd manage vclose 00:24:54:42:86:04 4000003 returned 7200 (pf::web::release::handler)
Jan 30 13:45:11 release.pm(0) INFO: 00:24:54:42:86:04 enabled for 7200 minutes (pf::web::release::handler)
Jan 30 13:45:11 redir.cgi(0) INFO: 00:24:54:42:86:04 being redirected (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Jan 30 13:45:11 redir.cgi(0) INFO: captive portal redirect on violation vid: 4000005, redirect url: /remediation.php?template=nospyware (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Jan 30 13:45:11 redir.cgi(0) INFO: 00:24:54:42:86:04 being redirected (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Jan 30 13:45:11 redir.cgi(0) INFO: captive portal redirect on violation vid: 4000005, redirect url: /remediation.php?template=nospyware (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Jan 30 13:45:13 pfsetvlan(21) INFO: local (127.0.0.1) trap for switch 10.1.1.21 (main::parseTrap)
Jan 30 13:45:13 pfsetvlan(11) INFO: nb of items in queue: 1; nb of threads running: 0 (main::startTrapHandlers)
Jan 30 13:45:13 pfsetvlan(11) INFO: reAssignVlan trap received on 10.1.1.21 ifIndex 2 (main::handleTrap)
Jan 30 13:45:13 pfsetvlan(11) INFO: Forcing 802.1x re-authentication on 10.1.1.21:2. A new VLAN will be assigned. (main::handleTrap)
Jan 30 13:45:14 pfcmd_vlan(7552) INFO: wired deauthentication of a 802.1x MAC (main::)
Jan 30 13:45:14 pfsetvlan(11) INFO: finished (main::cleanupAfterThread)
Jan 30 13:45:14 release.pm(0) INFO: calling /usr/local/pf/bin/pfcmd manage vclose 00:24:54:42:86:04 4000005 (pf::web::release::handler)
Jan 30 13:45:15 pfcmd(7554) INFO: violation 4000005 closed for 00:24:54:42:86:04 (pf::violation::violation_close)
Jan 30 13:45:15 pfcmd(7554) INFO: re-evaluating access for node 00:24:54:42:86:04 (manage_vclose called) (pf::enforcement::reevaluate_access)
Jan 30 13:45:15 pfcmd(7554) INFO: 00:24:54:42:86:04 is currentlog connected at 10.1.1.21 ifIndex 02 in VLAN 721 (pf::enforcement::_should_we_reassign_vlan)
Jan 30 13:45:15 pfcmd(7554) INFO: highest priority violation for 00:24:54:42:86:04 is 4000006. Target VLAN for violation: isolationVlan (705) (pf::vlan::getViolationVlan)
Jan 30 13:45:15 pfcmd(7554) INFO: VLAN reassignment required for 00:24:54:42:86:04 (current VLAN = 721 but should be in VLAN 705) (pf::enforcement::_should_we_reassign_vlan)
Jan 30 13:45:15 pfcmd(7554) INFO: switch port for 00:24:54:42:86:04 is 10.1.1.21 ifIndex 02 connection type: Wired 802.1x (pf::enforcement::_vlan_reevaluation)
Jan 30 13:45:15 release.pm(0) INFO: pfcmd manage vclose 00:24:54:42:86:04 4000005 returned 7200 (pf::web::release::handler)
Jan 30 13:45:15 release.pm(0) INFO: 00:24:54:42:86:04 enabled for 7200 minutes (pf::web::release::handler)
Jan 30 13:45:15 redir.cgi(0) INFO: 00:24:54:42:86:04 being redirected (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Jan 30 13:45:15 redir.cgi(0) INFO: captive portal redirect on violation vid: 4000006, redirect url: /remediation.php?template=spyoutofdate (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Jan 30 13:45:15 redir.cgi(0) INFO: 00:24:54:42:86:04 being redirected (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Jan 30 13:45:15 redir.cgi(0) INFO: captive portal redirect on violation vid: 4000006, redirect url: /remediation.php?template=spyoutofdate (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Jan 30 13:45:16 pfdhcplistener(6975) INFO: DHCPACK CIADDR from 10.1.4.10 (00:13:21:f1:cb:b9) to host 00:24:54:42:86:04 (10.1.4.20) (main::parse_dhcp_ack)
Jan 30 13:45:18 release.pm(0) INFO: calling /usr/local/pf/bin/pfcmd manage vclose 00:24:54:42:86:04 4000006 (pf::web::release::handler)
Jan 30 13:45:19 pfsetvlan(22) INFO: local (127.0.0.1) trap for switch 10.1.1.21 (main::parseTrap)
Jan 30 13:45:19 pfsetvlan(13) INFO: nb of items in queue: 1; nb of threads running: 0 (main::startTrapHandlers)
Jan 30 13:45:19 pfsetvlan(13) INFO: reAssignVlan trap received on 10.1.1.21 ifIndex 2 (main::handleTrap)
Jan 30 13:45:19 pfsetvlan(13) INFO: Forcing 802.1x re-authentication on 10.1.1.21:2. A new VLAN will be assigned. (main::handleTrap)
Jan 30 13:45:19 pfcmd(7575) INFO: violation 4000006 closed for 00:24:54:42:86:04 (pf::violation::violation_close)
Jan 30 13:45:19 pfcmd(7575) INFO: re-evaluating access for node 00:24:54:42:86:04 (manage_vclose called) (pf::enforcement::reevaluate_access)
Jan 30 13:45:19 pfcmd(7575) INFO: 00:24:54:42:86:04 is currentlog connected at 10.1.1.21 ifIndex 02 in VLAN 721 (pf::enforcement::_should_we_reassign_vlan)
Jan 30 13:45:19 pfcmd(7575) INFO: MAC: 00:24:54:42:86:04, PID: sm18818, Status: reg. Returned VLAN: 721 (pf::vlan::fetchVlanForNode)
Jan 30 13:45:20 release.pm(0) INFO: pfcmd manage vclose 00:24:54:42:86:04 4000006 returned 7200 (pf::web::release::handler)
Jan 30 13:45:20 release.pm(0) INFO: 00:24:54:42:86:04 enabled for 7200 minutes (pf::web::release::handler)
Jan 30 13:45:20 register.cgi(0) INFO: 10.1.4.20 - 00:24:54:42:86:04 (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_register_2ecgi::handler)
Jan 30 13:45:20 pfcmd_vlan(7576) INFO: wired deauthentication of a 802.1x MAC (main::)
Jan 30 13:45:20 pfsetvlan(13) INFO: finished (main::cleanupAfterThread)
Jan 30 13:45:21 pfdhcplistener(6975) INFO: 00:24:54:42:86:04 requested an IP. DHCP Fingerprint: OS::107 (Microsoft Windows Vista/7 or Server 2008). Modified node with last_dhcp = 2012-01-30 13:45:21,computername = Laptop,dhcp_fingerprint = 1,15,3,6,44,46,47,31,33,121,249,43 (main::listen_dhcp)
Jan 30 13:45:21 pfdhcplistener(6975) INFO: DHCPACK from 10.1.4.10 (00:13:21:f1:cb:b9) to host 00:24:54:42:86:04 (10.1.4.20) for 20 seconds (main::parse_dhcp_ack)
Jan 30 13:45:30 pfdhcplistener(6975) INFO: 00:24:54:42:86:04 requested an IP. DHCP Fingerprint: OS::107 (Microsoft Windows Vista/7 or Server 2008). Modified node with last_dhcp = 2012-01-30 13:45:30,computername = Laptop,dhcp_fingerprint = 1,15,3,6,44,46,47,31,33,121,249,43 (main::listen_dhcp)
Jan 30 13:45:30 pfdhcplistener(6975) INFO: DHCPACK from 10.1.4.10 (00:13:21:f1:cb:b9) to host 00:24:54:42:86:04 (10.1.4.20) for 20 seconds (main::parse_dhcp_ack)
Jan 30 13:45:33 pfmon(1) INFO: running expire check (main::cleanup)
Jan 30 13:45:33 pfmon(1) INFO: checking registered nodes for expiration (main::cleanup)
Jan 30 13:45:40 pfdhcplistener(6975) INFO: 00:24:54:42:86:04 requested an IP. DHCP Fingerprint: OS::107 (Microsoft Windows Vista/7 or Server 2008). Modified node with last_dhcp = 2012-01-30 13:45:40,computername = Laptop,dhcp_fingerprint = 1,15,3,6,44,46,47,31,33,121,249,43 (main::listen_dhcp)
Jan 30 13:45:40 pfdhcplistener(6975) INFO: DHCPACK from 10.1.4.10 (00:13:21:f1:cb:b9) to host 00:24:54:42:86:04 (10.1.4.20) for 20 seconds (main::parse_dhcp_ack)
Jan 30 13:45:49 pf::WebAPI(7593) INFO: Evaluating SoH from client Laptop (MAC: 00-24-54-42-86-04; Port: 50002; User: sm18818; OS: Microsoft Windows 7 (or Server 2008 R2), sp 1; id: 0xd4ee70d8587d41fb953f54a30e2e14a501ccdf55f7809df5) (pf::soh::authorize)
Jan 30 13:45:49 pf::WebAPI(7593) INFO: 6991 grace remaining on violation 4000001 (trigger soh::2) for node 00:24:54:42:86:04. Not adding violation. (pf::violation::violation_trigger)
Jan 30 13:45:49 pf::WebAPI(7593) INFO: MAC 00:24:54:42:86:04 matched filter NoAntivirus (pf::soh::evaluate)
Jan 30 13:45:49 pf::WebAPI(7593) INFO: 6995 grace remaining on violation 4000003 (trigger soh::4) for node 00:24:54:42:86:04. Not adding violation. (pf::violation::violation_trigger)
Jan 30 13:45:49 pf::WebAPI(7593) INFO: MAC 00:24:54:42:86:04 matched filter WUpdates (pf::soh::evaluate)
Jan 30 13:45:49 pf::WebAPI(7593) INFO: 7000 grace remaining on violation 4000005 (trigger soh::6) for node 00:24:54:42:86:04. Not adding violation. (pf::violation::violation_trigger)
Jan 30 13:45:49 pf::WebAPI(7593) INFO: MAC 00:24:54:42:86:04 matched filter NoSpyware (pf::soh::evaluate)
Jan 30 13:45:49 pf::WebAPI(7593) INFO: 7005 grace remaining on violation 4000006 (trigger soh::7) for node 00:24:54:42:86:04. Not adding violation. (pf::violation::violation_trigger)
Jan 30 13:45:49 pf::WebAPI(7593) INFO: MAC 00:24:54:42:86:04 matched filter Spyoutofdate (pf::soh::evaluate)
Jan 30 13:45:49 pf::WebAPI(7544) INFO: handling radius autz request: from switch_ip => 10.1.1.21, connection_type => Ethernet-EAP mac => 00:24:54:42:86:04, port => 50002, username => sm18818 (pf::radius::authorize)
Jan 30 13:45:49 pf::WebAPI(7544) INFO: MAC: 00:24:54:42:86:04, PID: sm18818, Status: reg. Returned VLAN: 721 (pf::vlan::fetchVlanForNode)
Jan 30 13:45:49 pf::WebAPI(7544) INFO: Returning ACCEPT with VLAN: 721 (pf::radius::authorize)
Jan 30 13:45:50 pf::WebAPI(7594) INFO: handling radius autz request: from switch_ip => 10.1.1.21, connection_type => Ethernet-EAP mac => 00:24:54:42:86:04, port => 50002, username => sm18818 (pf::radius::authorize)
Jan 30 13:45:50 pf::WebAPI(7594) INFO: MAC: 00:24:54:42:86:04, PID: sm18818, Status: reg. Returned VLAN: 721 (pf::vlan::fetchVlanForNode)
Jan 30 13:45:50 pf::WebAPI(7594) INFO: Returning ACCEPT with VLAN: 721 (pf::radius::authorize)
Jan 30 13:47:48 pf::WebAPI(7096) INFO: Evaluating SoH from client Laptop (MAC: 00-24-54-42-86-04; Port: 50002; User: host/Laptop; OS: Microsoft Windows 7 (or Server 2008 R2), sp 1; id: 0xd4ee70d8587d41fb953f54a30e2e14a501ccdf563f221d36) (pf::soh::authorize)
Jan 30 13:47:48 pf::WebAPI(7096) INFO: 6872 grace remaining on violation 4000001 (trigger soh::2) for node 00:24:54:42:86:04. Not adding violation. (pf::violation::violation_trigger)
Jan 30 13:47:48 pf::WebAPI(7096) INFO: MAC 00:24:54:42:86:04 matched filter NoAntivirus (pf::soh::evaluate)
Jan 30 13:47:49 pf::WebAPI(7096) INFO: 6875 grace remaining on violation 4000003 (trigger soh::4) for node 00:24:54:42:86:04. Not adding violation. (pf::violation::violation_trigger)
Jan 30 13:47:49 pf::WebAPI(7096) INFO: MAC 00:24:54:42:86:04 matched filter WUpdates (pf::soh::evaluate)
Jan 30 13:47:49 pf::WebAPI(7096) INFO: 6880 grace remaining on violation 4000005 (trigger soh::6) for node 00:24:54:42:86:04. Not adding violation. (pf::violation::violation_trigger)
Jan 30 13:47:49 pf::WebAPI(7096) INFO: MAC 00:24:54:42:86:04 matched filter NoSpyware (pf::soh::evaluate)
Jan 30 13:47:49 pf::WebAPI(7096) INFO: 6885 grace remaining on violation 4000006 (trigger soh::7) for node 00:24:54:42:86:04. Not adding violation. (pf::violation::violation_trigger)
Jan 30 13:47:49 pf::WebAPI(7096) INFO: MAC 00:24:54:42:86:04 matched filter Spyoutofdate (pf::soh::evaluate)
Jan 30 13:48:46 pfdhcplistener(6975) INFO: DHCPREQUEST from 00:24:54:42:86:04 (10.2.1.20) (main::parse_dhcp_request)
Jan 30 13:48:46 pfdhcplistener(6975) INFO: resolved 10.2.1.20 to mac (00:24:54:42:86:04) in ARP table (pf::iplog::ip2macinarp)
Jan 30 13:48:46 pfdhcplistener(6975) INFO: 00:24:54:42:86:04 requested an IP. DHCP Fingerprint: OS::107 (Microsoft Windows Vista/7 or Server 2008). Modified node with last_dhcp = 2012-01-30 13:48:46,computername = Laptop,dhcp_fingerprint = 1,15,3,6,44,46,47,31,33,121,249,43 (main::listen_dhcp)
Jan 30 13:48:47 pfdhcplistener(6975) INFO: DHCPOFFER from 10.1.4.10 (00:13:21:f1:cb:b9) to host 00:24:54:42:86:04 (10.1.4.20) (main::parse_dhcp_offer)
Jan 30 13:48:47 pfdhcplistener(6975) INFO: DHCPREQUEST from 00:24:54:42:86:04 (10.1.4.20) (main::parse_dhcp_request)
Jan 30 13:48:47 pfdhcplistener(6975) INFO: resolved 10.1.4.20 to mac (00:24:54:42:86:04) in ARP table (pf::iplog::ip2macinarp)
Jan 30 13:48:47 pfdhcplistener(6975) INFO: oldip (10.2.1.20) and newip (10.1.4.20) are different for 00:24:54:42:86:04 - closing iplog entry (main::update_iplog)
Jan 30 13:48:47 pfdhcplistener(6975) INFO: 00:24:54:42:86:04 requested an IP. DHCP Fingerprint: OS::107 (Microsoft Windows Vista/7 or Server 2008).
Modified node with last_dhcp = 2012-01-30 13:48:47,computername = Laptop,dhcp_fingerprint = 1,15,3,6,44,46,47,31,33,121,249,43 (main::listen_dhcp) Jan 30 13:48:47 pfdhcplistener(6975) INFO: DHCPACK from 10.1.4.10 (00:13:21:f1:cb:b9) to host 00:24:54:42:86:04 (10.1.4.20) for 20 seconds (main::parse_dhcp_ack) Jan 30 13:48:57 pfdhcplistener(6975) INFO: 00:24:54:42:86:04 requested an IP. DHCP Fingerprint: OS::107 (Microsoft Windows Vista/7 or Server 2008). Modified node with last_dhcp = 2012-01-30 13:48:57,computername = Laptop,dhcp_fingerprint = 1,15,3,6,44,46,47,31,33,121,249,43 (main::listen_dhcp) Jan 30 13:48:57 pfdhcplistener(6975) INFO: DHCPACK from 10.1.4.10 (00:13:21:f1:cb:b9) to host 00:24:54:42:86:04 (10.1.4.20) for 20 seconds (main::parse_dhcp_ack) Jan 30 13:49:00 pfdhcplistener(6975) INFO: DHCPACK CIADDR from 10.1.4.10 (00:13:21:f1:cb:b9) to host 00:24:54:42:86:04 (10.1.4.20) (main::parse_dhcp_ack) Jan 30 13:49:08 pfdhcplistener(6975) INFO: 00:24:54:42:86:04 requested an IP. DHCP Fingerprint: OS::107 (Microsoft Windows Vista/7 or Server 2008). Modified node with last_dhcp = 2012-01-30 13:49:08,computername = Laptop,dhcp_fingerprint = 1,15,3,6,44,46,47,31,33,121,249,43 (main::listen_dhcp) Jan 30 13:49:08 pfdhcplistener(6975) INFO: DHCPACK from 10.1.4.10 (00:13:21:f1:cb:b9) to host 00:24:54:42:86:04 (10.1.4.20) for 20 seconds (main::parse_dhcp_ack) Jan 30 13:49:18 pfdhcplistener(6975) INFO: 00:24:54:42:86:04 requested an IP. DHCP Fingerprint: OS::107 (Microsoft Windows Vista/7 or Server 2008). Modified node with last_dhcp = 2012-01-30 13:49:18,computername = Laptop,dhcp_fingerprint = 1,15,3,6,44,46,47,31,33,121,249,43 (main::listen_dhcp) Jan 30 13:49:18 pfdhcplistener(6975) INFO: DHCPACK from 10.1.4.10 (00:13:21:f1:cb:b9) to host 00:24:54:42:86:04 (10.1.4.20) for 20 seconds (main::parse_dhcp_ack) Jan 30 13:49:29 pfdhcplistener(6975) INFO: 00:24:54:42:86:04 requested an IP. DHCP Fingerprint: OS::107 (Microsoft Windows Vista/7 or Server 2008). 
Modified node with last_dhcp = 2012-01-30 13:49:29,computername = Laptop,dhcp_fingerprint = 1,15,3,6,44,46,47,31,33,121,249,43 (main::listen_dhcp) Jan 30 13:49:29 pfdhcplistener(6975) INFO: DHCPACK from 10.1.4.10 (00:13:21:f1:cb:b9) to host 00:24:54:42:86:04 (10.1.4.20) for 20 seconds (main::parse_dhcp_ack) Jan 30 13:49:39 pfdhcplistener(6975) INFO: 00:24:54:42:86:04 requested an IP. DHCP Fingerprint: OS::107 (Microsoft Windows Vista/7 or Server 2008). Modified node with last_dhcp = 2012-01-30 13:49:39,computername = Laptop,dhcp_fingerprint = 1,15,3,6,44,46,47,31,33,121,249,43 (main::listen_dhcp) Jan 30 13:49:39 pfdhcplistener(6975) INFO: DHCPACK from 10.1.4.10 (00:13:21:f1:cb:b9) to host 00:24:54:42:86:04 (10.1.4.20) for 20 seconds (main::parse_dhcp_ack) Jan 30 13:49:49 pfdhcplistener(6975) INFO: 00:24:54:42:86:04 requested an IP. DHCP Fingerprint: OS::107 (Microsoft Windows Vista/7 or Server 2008). Modified node with last_dhcp = 2012-01-30 13:49:49,computername = Laptop,dhcp_fingerprint = 1,15,3,6,44,46,47,31,33,121,249,43 (main::listen_dhcp) Jan 30 13:49:49 pfdhcplistener(6975) INFO: DHCPACK from 10.1.4.10 (00:13:21:f1:cb:b9) to host 00:24:54:42:86:04 (10.1.4.20) for 20 seconds (main::parse_dhcp_ack) Jan 30 13:49:59 pfdhcplistener(6975) INFO: 00:24:54:42:86:04 requested an IP. DHCP Fingerprint: OS::107 (Microsoft Windows Vista/7 or Server 2008). 
Modified node with last_dhcp = 2012-01-30 13:49:59,computername = Laptop,dhcp_fingerprint = 1,15,3,6,44,46,47,31,33,121,249,43 (main::listen_dhcp) Jan 30 13:49:59 pfdhcplistener(6975) INFO: DHCPACK from 10.1.4.10 (00:13:21:f1:cb:b9) to host 00:24:54:42:86:04 (10.1.4.20) for 20 seconds (main::parse_dhcp_ack) Jan 30 13:50:00 redir.cgi(0) INFO: 00:24:54:42:86:04 being redirected (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler) Jan 30 13:50:00 redir.cgi(0) INFO: Updating node 00:24:54:42:86:04 user_agent with useragent: 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.75 Safari/535.7' (pf::web::web_node_record_user_agent) Jan 30 13:50:00 redir.cgi(0) INFO: Static User-Agent lookup data initialized (pf::useragent::_init) Jan 30 13:50:00 redir.cgi(0) INFO: MAC 00:24:54:42:86:04 shouldn't reach here. Calling access re-evaluation. Make sure your network device configuration is correct. (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler) Jan 30 13:50:00 redir.cgi(0) INFO: re-evaluating access for node 00:24:54:42:86:04 (redir.cgi called) (pf::enforcement::reevaluate_access) Jan 30 13:50:00 redir.cgi(0) INFO: 00:24:54:42:86:04 VLAN reassignment is forced. (pf::enforcement::_should_we_reassign_vlan) Jan 30 13:50:00 redir.cgi(0) INFO: switch port for 00:24:54:42:86:04 is 10.1.1.21 ifIndex 02 connection type: Wired 802.1x (pf::enforcement::_vlan_reevaluation) Jan 30 13:50:03 pfsetvlan(23) INFO: local (127.0.0.1) trap for switch 10.1.1.21 (main::parseTrap) Jan 30 13:50:03 pfsetvlan(15) INFO: nb of items in queue: 1; nb of threads running: 0 (main::startTrapHandlers) Jan 30 13:50:03 pfsetvlan(15) INFO: reAssignVlan trap received on 10.1.1.21 ifIndex 2 (main::handleTrap) Jan 30 13:50:03 pfsetvlan(15) INFO: Forcing 802.1x re-authentication on 10.1.1.21:2. A new VLAN will be assigned. 
(main::handleTrap) Jan 30 13:50:04 pfcmd_vlan(7811) INFO: wired deauthentication of a 802.1x MAC (main::) Jan 30 13:50:04 pfsetvlan(15) INFO: finished (main::cleanupAfterThread) Jan 30 13:50:10 pfdhcplistener(6975) INFO: 00:24:54:42:86:04 requested an IP. DHCP Fingerprint: OS::107 (Microsoft Windows Vista/7 or Server 2008). Modified node with last_dhcp = 2012-01-30 13:50:09,computername = Laptop,dhcp_fingerprint = 1,15,3,6,44,46,47,31,33,121,249,43 (main::listen_dhcp) Jan 30 13:50:10 pfdhcplistener(6975) INFO: DHCPACK from 10.1.4.10 (00:13:21:f1:cb:b9) to host 00:24:54:42:86:04 (10.1.4.20) for 20 seconds (main::parse_dhcp_ack) Jan 30 13:50:19 pfdhcplistener(6975) INFO: 00:24:54:42:86:04 requested an IP. DHCP Fingerprint: OS::107 (Microsoft Windows Vista/7 or Server 2008). Modified node with last_dhcp = 2012-01-30 13:50:19,computername = Laptop,dhcp_fingerprint = 1,15,3,6,44,46,47,31,33,121,249,43 (main::listen_dhcp) Jan 30 13:50:19 pfdhcplistener(6975) INFO: DHCPACK from 10.1.4.10 (00:13:21:f1:cb:b9) to host 00:24:54:42:86:04 (10.1.4.20) for 20 seconds (main::parse_dhcp_ack) Jan 30 13:51:11 pfdhcplistener(6975) INFO: DHCPOFFER from 10.1.4.10 (00:13:21:f1:cb:b9) to host 00:24:54:42:86:04 (10.1.4.20) (main::parse_dhcp_offer) Jan 30 13:51:11 pfdhcplistener(6975) INFO: DHCPREQUEST from 00:24:54:42:86:04 (10.1.4.20) (main::parse_dhcp_request) Jan 30 13:51:11 pfdhcplistener(6975) INFO: resolved 10.1.4.20 to mac (00:24:54:42:86:04) in ARP table (pf::iplog::ip2macinarp) Jan 30 13:51:11 pfdhcplistener(6975) INFO: 00:24:54:42:86:04 requested an IP. DHCP Fingerprint: OS::107 (Microsoft Windows Vista/7 or Server 2008). 
Modified node with last_dhcp = 2012-01-30 13:51:11,computername = Laptop,dhcp_fingerprint = 1,15,3,6,44,46,47,31,33,121,249,43 (main::listen_dhcp) Jan 30 13:51:11 pfdhcplistener(6975) INFO: DHCPACK from 10.1.4.10 (00:13:21:f1:cb:b9) to host 00:24:54:42:86:04 (10.1.4.20) for 20 seconds (main::parse_dhcp_ack) Jan 30 13:51:21 pfdhcplistener(6975) INFO: 00:24:54:42:86:04 requested an IP. DHCP Fingerprint: OS::107 (Microsoft Windows Vista/7 or Server 2008). Modified node with last_dhcp = 2012-01-30 13:51:21,computername = Laptop,dhcp_fingerprint = 1,15,3,6,44,46,47,31,33,121,249,43 (main::listen_dhcp) Jan 30 13:51:21 pfdhcplistener(6975) INFO: DHCPACK from 10.1.4.10 (00:13:21:f1:cb:b9) to host 00:24:54:42:86:04 (10.1.4.20) for 20 seconds (main::parse_dhcp_ack) Jan 30 13:51:23 pfdhcplistener(6975) INFO: DHCPACK CIADDR from 10.1.4.10 (00:13:21:f1:cb:b9) to host 00:24:54:42:86:04 (10.1.4.20) (main::parse_dhcp_ack) Jan 30 13:51:31 pfdhcplistener(6975) INFO: 00:24:54:42:86:04 requested an IP. DHCP Fingerprint: OS::107 (Microsoft Windows Vista/7 or Server 2008). Modified node with last_dhcp = 2012-01-30 13:51:31,computername = Laptop,dhcp_fingerprint = 1,15,3,6,44,46,47,31,33,121,249,43 (main::listen_dhcp) Jan 30 13:51:31 pfdhcplistener(6975) INFO: DHCPACK from 10.1.4.10 (00:13:21:f1:cb:b9) to host 00:24:54:42:86:04 (10.1.4.20) for 20 seconds (main::parse_dhcp_ack) Jan 30 13:51:41 pfdhcplistener(6975) INFO: 00:24:54:42:86:04 requested an IP. DHCP Fingerprint: OS::107 (Microsoft Windows Vista/7 or Server 2008). 
Modified node with last_dhcp = 2012-01-30 13:51:41,computername = Laptop,dhcp_fingerprint = 1,15,3,6,44,46,47,31,33,121,249,43 (main::listen_dhcp) Jan 30 13:51:41 pfdhcplistener(6975) INFO: DHCPACK from 10.1.4.10 (00:13:21:f1:cb:b9) to host 00:24:54:42:86:04 (10.1.4.20) for 20 seconds (main::parse_dhcp_ack) Jan 30 13:51:58 pf::WebAPI(7595) INFO: Evaluating SoH from client Laptop (MAC: 00-24-54-42-86-04; Port: 50002; User: sm18818; OS: Microsoft Windows 7 (or Server 2008 R2), sp 1; id: 0xd4ee70d8587d41fb953f54a30e2e14a501ccdf56d34d6ff3) (pf::soh::authorize) Jan 30 13:51:58 pf::WebAPI(7595) INFO: 6622 grace remaining on violation 4000001 (trigger soh::2) for node 00:24:54:42:86:04. Not adding violation. (pf::violation::violation_trigger) Jan 30 13:51:58 pf::WebAPI(7595) INFO: MAC 00:24:54:42:86:04 matched filter NoAntivirus (pf::soh::evaluate) Jan 30 13:51:58 pf::WebAPI(7595) INFO: 6626 grace remaining on violation 4000003 (trigger soh::4) for node 00:24:54:42:86:04. Not adding violation. (pf::violation::violation_trigger) Jan 30 13:51:58 pf::WebAPI(7595) INFO: MAC 00:24:54:42:86:04 matched filter WUpdates (pf::soh::evaluate) Jan 30 13:51:58 pf::WebAPI(7595) INFO: 6631 grace remaining on violation 4000005 (trigger soh::6) for node 00:24:54:42:86:04. Not adding violation. (pf::violation::violation_trigger) Jan 30 13:51:58 pf::WebAPI(7595) INFO: MAC 00:24:54:42:86:04 matched filter NoSpyware (pf::soh::evaluate) Jan 30 13:51:58 pf::WebAPI(7595) INFO: 6636 grace remaining on violation 4000006 (trigger soh::7) for node 00:24:54:42:86:04. Not adding violation. 
(pf::violation::violation_trigger) Jan 30 13:51:58 pf::WebAPI(7595) INFO: MAC 00:24:54:42:86:04 matched filter Spyoutofdate (pf::soh::evaluate) Jan 30 13:51:59 pf::WebAPI(7776) INFO: handling radius autz request: from switch_ip => 10.1.1.21, connection_type => Ethernet-EAP mac => 00:24:54:42:86:04, port => 50002, username => sm18818 (pf::radius::authorize) Jan 30 13:51:59 pf::WebAPI(7776) INFO: MAC: 00:24:54:42:86:04, PID: sm18818, Status: reg. Returned VLAN: 721 (pf::vlan::fetchVlanForNode) Jan 30 13:51:59 pf::WebAPI(7776) INFO: Returning ACCEPT with VLAN: 721 (pf::radius::authorize) Jan 30 13:51:59 pf::WebAPI(7495) INFO: handling radius autz request: from switch_ip => 10.1.1.21, connection_type => Ethernet-EAP mac => 00:24:54:42:86:04, port => 50002, username => sm18818 (pf::radius::authorize) Jan 30 13:51:59 pf::WebAPI(7495) INFO: MAC: 00:24:54:42:86:04, PID: sm18818, Status: reg. Returned VLAN: 721 (pf::vlan::fetchVlanForNode) Jan 30 13:51:59 pf::WebAPI(7495) INFO: Returning ACCEPT with VLAN: 721 (pf::radius::authorize) Jan 30 13:53:02 pf::WebAPI(7777) INFO: Evaluating SoH from client Laptop (MAC: 00-24-54-42-86-04; Port: 50002; User: host/Laptop; OS: Microsoft Windows 7 (or Server 2008 R2), sp 1; id: 0xd4ee70d8587d41fb953f54a30e2e14a501ccdf56f952cabb) (pf::soh::authorize) Jan 30 13:53:02 pf::WebAPI(7777) INFO: 6558 grace remaining on violation 4000001 (trigger soh::2) for node 00:24:54:42:86:04. Not adding violation. (pf::violation::violation_trigger) Jan 30 13:53:02 pf::WebAPI(7777) INFO: MAC 00:24:54:42:86:04 matched filter NoAntivirus (pf::soh::evaluate) Jan 30 13:53:02 pf::WebAPI(7777) INFO: 6562 grace remaining on violation 4000003 (trigger soh::4) for node 00:24:54:42:86:04. Not adding violation. 
(pf::violation::violation_trigger) Jan 30 13:53:02 pf::WebAPI(7777) INFO: MAC 00:24:54:42:86:04 matched filter WUpdates (pf::soh::evaluate) Jan 30 13:53:02 pf::WebAPI(7777) INFO: 6567 grace remaining on violation 4000005 (trigger soh::6) for node 00:24:54:42:86:04. Not adding violation. (pf::violation::violation_trigger) Jan 30 13:53:02 pf::WebAPI(7777) INFO: MAC 00:24:54:42:86:04 matched filter NoSpyware (pf::soh::evaluate) Jan 30 13:53:02 pf::WebAPI(7777) INFO: 6572 grace remaining on violation 4000006 (trigger soh::7) for node 00:24:54:42:86:04. Not adding violation. (pf::violation::violation_trigger) Jan 30 13:53:02 pf::WebAPI(7777) INFO: MAC 00:24:54:42:86:04 matched filter Spyoutofdate (pf::soh::evaluate) Jan 30 13:53:43 pfdhcplistener(6975) INFO: DHCPREQUEST from 00:24:54:42:86:04 (10.2.1.20) (main::parse_dhcp_request) Jan 30 13:53:43 pfdhcplistener(6975) INFO: could not resolve 10.2.1.20 to mac in ARP table (pf::iplog::ip2macinarp) Jan 30 13:53:45 pfdhcplistener(6975) INFO: could not resolve 10.2.1.20 to mac in ARP table (pf::iplog::ip2macinarp) Jan 30 13:53:45 pfdhcplistener(6975) WARN: could not resolve 10.2.1.20 to mac (pf::iplog::ip2mac) Jan 30 13:53:45 pfdhcplistener(6975) WARN: unable to resolve 00:24:54:42:86:04 to ip (pf::iplog::mac2ip) Jan 30 13:53:45 pfdhcplistener(6975) INFO: 00:24:54:42:86:04 requested an IP. DHCP Fingerprint: OS::107 (Microsoft Windows Vista/7 or Server 2008). 
Modified node with last_dhcp = 2012-01-30 13:53:45,computername = Laptop,dhcp_fingerprint = 1,15,3,6,44,46,47,31,33,121,249,43 (main::listen_dhcp) Jan 30 13:53:45 pfdhcplistener(6975) INFO: DHCPOFFER from 10.1.4.10 (00:13:21:f1:cb:b9) to host 00:24:54:42:86:04 (10.1.4.20) (main::parse_dhcp_offer) Jan 30 13:53:45 pfdhcplistener(6975) INFO: DHCPREQUEST from 00:24:54:42:86:04 (10.1.4.20) (main::parse_dhcp_request) Jan 30 13:53:45 pfdhcplistener(6975) INFO: resolved 10.1.4.20 to mac (00:24:54:42:86:04) in ARP table (pf::iplog::ip2macinarp) Jan 30 13:53:45 pfdhcplistener(6975) INFO: oldip (10.2.1.20) and newip (10.1.4.20) are different for 00:24:54:42:86:04 - closing iplog entry (main::update_iplog) Jan 30 13:53:45 pfdhcplistener(6975) INFO: 00:24:54:42:86:04 requested an IP. DHCP Fingerprint: OS::107 (Microsoft Windows Vista/7 or Server 2008). Modified node with last_dhcp = 2012-01-30 13:53:45,computername = Laptop,dhcp_fingerprint = 1,15,3,6,44,46,47,31,33,121,249,43 (main::listen_dhcp) Jan 30 13:53:45 pfdhcplistener(6975) INFO: DHCPACK from 10.1.4.10 (00:13:21:f1:cb:b9) to host 00:24:54:42:86:04 (10.1.4.20) for 20 seconds (main::parse_dhcp_ack) Jan 30 13:53:54 pfdhcplistener(6975) INFO: 00:24:54:42:86:04 requested an IP. DHCP Fingerprint: OS::107 (Microsoft Windows Vista/7 or Server 2008). Modified node with last_dhcp = 2012-01-30 13:53:54,computername = Laptop,dhcp_fingerprint = 1,15,3,6,44,46,47,31,33,121,249,43 (main::listen_dhcp) Jan 30 13:53:54 pfdhcplistener(6975) INFO: DHCPACK from 10.1.4.10 (00:13:21:f1:cb:b9) to host 00:24:54:42:86:04 (10.1.4.20) for 20 seconds (main::parse_dhcp_ack) Jan 30 13:53:57 pfdhcplistener(6975) INFO: DHCPACK CIADDR from 10.1.4.10 (00:13:21:f1:cb:b9) to host 00:24:54:42:86:04 (10.1.4.20) (main::parse_dhcp_ack) Jan 30 13:54:04 pfdhcplistener(6975) INFO: 00:24:54:42:86:04 requested an IP. DHCP Fingerprint: OS::107 (Microsoft Windows Vista/7 or Server 2008). 
Modified node with last_dhcp = 2012-01-30 13:54:04,computername = Laptop,dhcp_fingerprint = 1,15,3,6,44,46,47,31,33,121,249,43 (main::listen_dhcp) Jan 30 13:54:04 pfdhcplistener(6975) INFO: DHCPACK from 10.1.4.10 (00:13:21:f1:cb:b9) to host 00:24:54:42:86:04 (10.1.4.20) for 20 seconds (main::parse_dhcp_ack) Jan 30 13:54:14 pfdhcplistener(6975) INFO: 00:24:54:42:86:04 requested an IP. DHCP Fingerprint: OS::107 (Microsoft Windows Vista/7 or Server 2008). Modified node with last_dhcp = 2012-01-30 13:54:14,computername = Laptop,dhcp_fingerprint = 1,15,3,6,44,46,47,31,33,121,249,43 (main::listen_dhcp) Jan 30 13:54:14 pfdhcplistener(6975) INFO: DHCPACK from 10.1.4.10 (00:13:21:f1:cb:b9) to host 00:24:54:42:86:04 (10.1.4.20) for 20 seconds (main::parse_dhcp_ack) Jan 30 13:54:30 pf::WebAPI(7544) INFO: Evaluating SoH from client Laptop (MAC: 00-24-54-42-86-04; Port: 50002; User: sm18818; OS: Microsoft Windows 7 (or Server 2008 R2), sp 1; id: 0xd4ee70d8587d41fb953f54a30e2e14a501ccdf572dfaa96a) (pf::soh::authorize) Jan 30 13:54:30 pf::WebAPI(7544) INFO: 6470 grace remaining on violation 4000001 (trigger soh::2) for node 00:24:54:42:86:04. Not adding violation. (pf::violation::violation_trigger) Jan 30 13:54:30 pf::WebAPI(7544) INFO: MAC 00:24:54:42:86:04 matched filter NoAntivirus (pf::soh::evaluate) Jan 30 13:54:30 pf::WebAPI(7544) INFO: 6474 grace remaining on violation 4000003 (trigger soh::4) for node 00:24:54:42:86:04. Not adding violation. (pf::violation::violation_trigger) Jan 30 13:54:30 pf::WebAPI(7544) INFO: MAC 00:24:54:42:86:04 matched filter WUpdates (pf::soh::evaluate) Jan 30 13:54:30 pf::WebAPI(7544) INFO: 6479 grace remaining on violation 4000005 (trigger soh::6) for node 00:24:54:42:86:04. Not adding violation. 
(pf::violation::violation_trigger) Jan 30 13:54:30 pf::WebAPI(7544) INFO: MAC 00:24:54:42:86:04 matched filter NoSpyware (pf::soh::evaluate) Jan 30 13:54:30 pf::WebAPI(7544) INFO: 6484 grace remaining on violation 4000006 (trigger soh::7) for node 00:24:54:42:86:04. Not adding violation. (pf::violation::violation_trigger) Jan 30 13:54:30 pf::WebAPI(7544) INFO: MAC 00:24:54:42:86:04 matched filter Spyoutofdate (pf::soh::evaluate) Jan 30 13:54:30 pf::WebAPI(7782) INFO: handling radius autz request: from switch_ip => 10.1.1.21, connection_type => Ethernet-EAP mac => 00:24:54:42:86:04, port => 50002, username => sm18818 (pf::radius::authorize) Jan 30 13:54:30 pf::WebAPI(7782) INFO: MAC: 00:24:54:42:86:04, PID: sm18818, Status: reg. Returned VLAN: 721 (pf::vlan::fetchVlanForNode) Jan 30 13:54:30 pf::WebAPI(7782) INFO: Returning ACCEPT with VLAN: 721 (pf::radius::authorize) Jan 30 13:54:30 pf::WebAPI(7776) INFO: handling radius autz request: from switch_ip => 10.1.1.21, connection_type => Ethernet-EAP mac => 00:24:54:42:86:04, port => 50002, username => sm18818 (pf::radius::authorize) Jan 30 13:54:30 pf::WebAPI(7776) INFO: MAC: 00:24:54:42:86:04, PID: sm18818, Status: reg. Returned VLAN: 721 (pf::vlan::fetchVlanForNode) Jan 30 13:54:30 pf::WebAPI(7776) INFO: Returning ACCEPT with VLAN: 721 (pf::radius::authorize) Jan 30 13:55:33 pfmon(1) INFO: running expire check (main::cleanup) Jan 30 13:55:33 pfmon(1) INFO: checking registered nodes for expiration (main::cleanup) Jan 30 13:55:59 pf::WebAPI(7905) INFO: Evaluating SoH from client Laptop (MAC: 00-24-54-42-86-04; Port: 50002; User: sm18818; OS: Microsoft Windows 7 (or Server 2008 R2), sp 1; id: 0xd4ee70d8587d41fb953f54a30e2e14a501ccdf57628166d6) (pf::soh::authorize) Jan 30 13:55:59 pf::WebAPI(7905) INFO: 6381 grace remaining on violation 4000001 (trigger soh::2) for node 00:24:54:42:86:04. Not adding violation. 
(pf::violation::violation_trigger) Jan 30 13:55:59 pf::WebAPI(7905) INFO: MAC 00:24:54:42:86:04 matched filter NoAntivirus (pf::soh::evaluate) Jan 30 13:55:59 pf::WebAPI(7905) INFO: 6385 grace remaining on violation 4000003 (trigger soh::4) for node 00:24:54:42:86:04. Not adding violation. (pf::violation::violation_trigger) Jan 30 13:55:59 pf::WebAPI(7905) INFO: MAC 00:24:54:42:86:04 matched filter WUpdates (pf::soh::evaluate) Jan 30 13:55:59 pf::WebAPI(7905) INFO: 6390 grace remaining on violation 4000005 (trigger soh::6) for node 00:24:54:42:86:04. Not adding violation. (pf::violation::violation_trigger) Jan 30 13:55:59 pf::WebAPI(7905) INFO: MAC 00:24:54:42:86:04 matched filter NoSpyware (pf::soh::evaluate) Jan 30 13:55:59 pf::WebAPI(7905) INFO: 6395 grace remaining on violation 4000006 (trigger soh::7) for node 00:24:54:42:86:04. Not adding violation. (pf::violation::violation_trigger) Jan 30 13:55:59 pf::WebAPI(7905) INFO: MAC 00:24:54:42:86:04 matched filter Spyoutofdate (pf::soh::evaluate) Jan 30 13:55:59 pf::WebAPI(7399) INFO: handling radius autz request: from switch_ip => 10.1.1.21, connection_type => Ethernet-EAP mac => 00:24:54:42:86:04, port => 50002, username => sm18818 (pf::radius::authorize) Jan 30 13:55:59 pf::WebAPI(7399) INFO: MAC: 00:24:54:42:86:04, PID: sm18818, Status: reg. Returned VLAN: 721 (pf::vlan::fetchVlanForNode) Jan 30 13:55:59 pf::WebAPI(7399) INFO: Returning ACCEPT with VLAN: 721 (pf::radius::authorize) Jan 30 13:56:00 pf::WebAPI(8062) INFO: handling radius autz request: from switch_ip => 10.1.1.21, connection_type => Ethernet-EAP mac => 00:24:54:42:86:04, port => 50002, username => sm18818 (pf::radius::authorize) Jan 30 13:56:00 pf::WebAPI(8062) INFO: MAC: 00:24:54:42:86:04, PID: sm18818, Status: reg. 
Returned VLAN: 721 (pf::vlan::fetchVlanForNode) Jan 30 13:56:00 pf::WebAPI(8062) INFO: Returning ACCEPT with VLAN: 721 (pf::radius::authorize) Jan 30 13:56:00 pf::WebAPI(8063) INFO: Evaluating SoH from client Laptop (MAC: 00-24-54-42-86-04; Port: 50002; User: sm18818; OS: Microsoft Windows 7 (or Server 2008 R2), sp 1; id: 0xd4ee70d8587d41fb953f54a30e2e14a501ccdf5763b6d9ba) (pf::soh::authorize) Jan 30 13:56:00 pf::WebAPI(8063) INFO: 6380 grace remaining on violation 4000001 (trigger soh::2) for node 00:24:54:42:86:04. Not adding violation. (pf::violation::violation_trigger) Jan 30 13:56:00 pf::WebAPI(8063) INFO: MAC 00:24:54:42:86:04 matched filter NoAntivirus (pf::soh::evaluate) Jan 30 13:56:01 pf::WebAPI(8063) INFO: 6383 grace remaining on violation 4000003 (trigger soh::4) for node 00:24:54:42:86:04. Not adding violation. (pf::violation::violation_trigger) Jan 30 13:56:01 pf::WebAPI(8063) INFO: MAC 00:24:54:42:86:04 matched filter WUpdates (pf::soh::evaluate) Jan 30 13:56:01 pf::WebAPI(8063) INFO: 6388 grace remaining on violation 4000005 (trigger soh::6) for node 00:24:54:42:86:04. Not adding violation. (pf::violation::violation_trigger) Jan 30 13:56:01 pf::WebAPI(8063) INFO: MAC 00:24:54:42:86:04 matched filter NoSpyware (pf::soh::evaluate) Jan 30 13:56:01 pf::WebAPI(8063) INFO: 6393 grace remaining on violation 4000006 (trigger soh::7) for node 00:24:54:42:86:04. Not adding violation. (pf::violation::violation_trigger) Jan 30 13:56:01 pf::WebAPI(8063) INFO: MAC 00:24:54:42:86:04 matched filter Spyoutofdate (pf::soh::evaluate) Jan 30 13:56:01 pf::WebAPI(8064) INFO: handling radius autz request: from switch_ip => 10.1.1.21, connection_type => Ethernet-EAP mac => 00:24:54:42:86:04, port => 50002, username => sm18818 (pf::radius::authorize) Jan 30 13:56:01 pf::WebAPI(8064) INFO: MAC: 00:24:54:42:86:04, PID: sm18818, Status: reg. 
Returned VLAN: 721 (pf::vlan::fetchVlanForNode) Jan 30 13:56:01 pf::WebAPI(8064) INFO: Returning ACCEPT with VLAN: 721 (pf::radius::authorize) Jan 30 13:56:01 pf::WebAPI(7544) INFO: handling radius autz request: from switch_ip => 10.1.1.21, connection_type => Ethernet-EAP mac => 00:24:54:42:86:04, port => 50002, username => sm18818 (pf::radius::authorize) Jan 30 13:56:01 pf::WebAPI(7544) INFO: MAC: 00:24:54:42:86:04, PID: sm18818, Status: reg. Returned VLAN: 721 (pf::vlan::fetchVlanForNode) Jan 30 13:56:01 pf::WebAPI(7544) INFO: Returning ACCEPT with VLAN: 721 (pf::radius::authorize) |
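One way to read a run-together packetfence.log excerpt like the one in this message, as an added example that is not part of the original e-mail and not PacketFence's own code: it splits the text back into entries, pairs each suppressed SoH trigger with the filter that still matched, and flags the first lease outside the subnet expected for the VLAN that RADIUS returned. The sample log, its MAC and addresses, and the VLAN-to-subnet map are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# An entry starts with "Mon DD HH:MM:SS process(pid) LEVEL: ", the shape of the pasted log.
STAMP = r"[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d"
HEADER = STAMP + r" [\w:.]+\(\d+\) [A-Z]+: "
ENTRY = re.compile(r"(?P<ts>" + STAMP + r") (?P<proc>[\w:.]+)\((?P<pid>\d+)\) "
                   r"(?P<level>[A-Z]+): (?P<msg>.*)", re.S)
MAC = r"([0-9A-Fa-f:]{17})"
GRACE = re.compile(r"(\d+) grace remaining on violation (\d+) \(trigger ([\w:]+)\) for node " + MAC)
FILTER = re.compile(r"MAC " + MAC + r" matched filter (\w+)")
VLAN = re.compile(r"MAC: " + MAC + r", PID: [^,]*, Status: \w+\. Returned VLAN: (\d+)")
ACK = re.compile(r"DHCPACK from \S+ \(\S+\) to host " + MAC + r" \(([\d.]+)\)")
PORTAL = re.compile(r"MAC " + MAC + r" shouldn't reach here")


def split_entries(blob):
    """Split log text whose line breaks were lost; a leading fragment with no header is dropped."""
    entries = []
    for part in re.split("(?=" + HEADER + ")", blob):
        m = ENTRY.match(part.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def analyse(blob, vlan_subnets):
    """vlan_subnets maps a VLAN id to the subnet a node in that VLAN should lease from."""
    nets = {v: ipaddress.ip_network(n) for v, n in vlan_subnets.items()}
    report = defaultdict(lambda: {"grace": {}, "mismatches": [], "portal_hits": 0})
    decided, pending, flagged = {}, {}, set()
    for e in split_entries(blob):
        msg = e["msg"]
        if m := GRACE.search(msg):
            remaining, vid, trigger, mac = m.groups()
            report[mac]["grace"][vid] = {"remaining": int(remaining),
                                         "trigger": trigger, "filter": None}
            pending[mac] = vid  # the matching "matched filter" entry follows
        elif m := FILTER.search(msg):
            mac, name = m.groups()
            vid = pending.pop(mac, None)
            if vid is not None:
                report[mac]["grace"][vid]["filter"] = name
        elif m := VLAN.search(msg):
            mac, vlan = m.groups()
            decided[mac] = int(vlan)
            flagged.discard(mac)  # new RADIUS decision: check the next lease again
        elif m := ACK.search(msg):
            mac, ip = m.groups()
            vlan = decided.get(mac)
            if vlan in nets and mac not in flagged \
                    and ipaddress.ip_address(ip) not in nets[vlan]:
                report[mac]["mismatches"].append((e["ts"], vlan, ip))
                flagged.add(mac)  # report once per decision, not every renewal
        elif m := PORTAL.search(msg):
            report[m.group(1)]["portal_hits"] += 1
    return dict(report)


# Constructed sample in the page's log format, run together on purpose.
SAMPLE = (
    "Returned VLAN: 10 (pf::vlan::fetchVlanForNode) "
    "Jan 30 13:45:49 pf::WebAPI(7593) INFO: 6991 grace remaining on violation 4000001 "
    "(trigger soh::2) for node 00:11:22:33:44:55. Not adding violation. "
    "(pf::violation::violation_trigger) "
    "Jan 30 13:45:49 pf::WebAPI(7593) INFO: MAC 00:11:22:33:44:55 matched filter "
    "NoAntivirus (pf::soh::evaluate) "
    "Jan 30 13:45:49 pf::WebAPI(7544) INFO: MAC: 00:11:22:33:44:55, PID: user1, "
    "Status: reg. Returned VLAN: 10 (pf::vlan::fetchVlanForNode) "
    "Jan 30 13:45:59 pfdhcplistener(6975) INFO: DHCPACK from 198.51.100.10 "
    "(00:aa:bb:cc:dd:ee) to host 00:11:22:33:44:55 (198.51.100.20) for 20 seconds "
    "(main::parse_dhcp_ack) "
    "Jan 30 13:46:09 pfdhcplistener(6975) INFO: DHCPACK from 198.51.100.10 "
    "(00:aa:bb:cc:dd:ee) to host 00:11:22:33:44:55 (198.51.100.20) for 20 seconds "
    "(main::parse_dhcp_ack) "
    "Jan 30 13:50:00 redir.cgi(0) INFO: MAC 00:11:22:33:44:55 shouldn't reach here. "
    "Calling access re-evaluation. (handler) "
)

if __name__ == "__main__":
    # Assumption for the sample: VLAN 10 is served from 192.0.2.0/24.
    for mac, info in analyse(SAMPLE, {10: "192.0.2.0/24"}).items():
        print(mac, info)
```
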